WHAT IS CLAIMED IS:

1. A layered defense-in-depth knowledge-based management system, 
comprising: 

a reception zone for authenticating a user for access to the system;

an operations zone for adjudicating on a user level access to the data objects
stored in a system database; and

a security zone for issuing certificates of accessibility for defined users. 

2. A layered defense-in-depth knowledge-based management system as
in Claim 1 further comprises revoking certificates for users no longer allowed access
to the system.

3. A layered defense-in-depth knowledge-based management system as
in Claim 2, wherein the security zone further comprises performing key recovery
operations.

4. A layered defense-in-depth knowledge-based management system as 
in Claim 1, wherein the security zone further comprises filters to control and limit 
access to a predefined set of user workstations. 

5. A layered defense-in-depth knowledge-based management system as 
in Claim 1, wherein the reception zone comprises a public key infrastructure for 
authenticating users for accessing contents of the system.

6. A layered defense-in-depth knowledge-based management system,
comprising: 

a reception zone for authenticating a user for access to the system; 

a screening zone to interrogate data packets during processing thereof; 

an operations zone for adjudicating on the user level access to the data objects 
stored in a system database; and 

a security zone for issuing certificates of accessibility for defined users, revoke
certificates for users no longer allowed access to the system, and performing key
recovering operations.

7. A layered defense-in-depth knowledge-based management system as 
set forth in Claim 6, wherein the reception zone comprises a public key infrastructure
for authenticating users for accessing contents of the system. 

8. A layered defense-in-depth knowledge-based management system as 
in Claim 6, wherein the operations zone comprises packet filtering for incoming and 
outgoing messages. 

9. A layered defense-in-depth knowledge-based management system as 
in Claim 6, wherein the security zone comprises packet filtering of incoming and 
outgoing messages for access control. 

10. A layered defense-in-depth knowledge-based management system as 
in Claim 6, wherein the operations zone comprises a document management server 
for establishing access to data stored in a library of the management system.

11. A method of layered defense-in-depth knowledge-based management,
comprising: 

authenticating a user of the knowledge base; 

determine the clearance level of a requested document by the authenticated
user;

determine the clearance level of the authenticated user; 

comparing the clearance level of the document with the clearance level of the 
authenticated user; and 

displaying the secure document to the authenticated user in response to the 
clearance level of the user dominating the clearance level of the requested document. 

12. The method of layered defense-in-depth knowledge-based 
management as set forth in Claim 11, further comprising determining the allowance 
of both a document caveat and clearance access in response to the comparison of the 
clearance level of a document with the clearance level of the authenticated user prior 
to displaying the secure document. 

13. The method of layered defense-in-depth knowledge-based 
management as in Claim 11, further comprising encrypting and signing the 
authenticated user prior to determining the clearance level of a requested document. 

14. The method of layered defense-in-depth knowledge-based 
management as in Claim 11, wherein authenticating a user comprises a certificate 
authority program running on a server.

15. A method of layered defense-in-depth knowledge-based management,
comprising: 

authenticating a user of the knowledge base;

determine the clearance level of a requested secure document;

determine the clearance level of the authenticated user;

comparing the clearance level of the requested document with the clearance
level of the authenticated user;

obtain a document caveat;

obtain an authenticated user caveat;

comparing the authenticated user caveat with the document caveat to allow
access to the obtained document caveat;

determining the access allowability of the obtained document caveat;

determine the allowance of both the document caveat and the clearance access
to identify clearance of the authorized user to the requested secure document; and

displaying the secure document to the authenticated user.
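
An added example, not part of the claims or the patent: one way to implement the access decision of Claims 11, 12 and 15 in Python, checked in the claimed order and denying by default. The level names, the caveat names, the rule that a user must hold every caveat carried by the document, and the names `Label`, `decide` and `ANALYST` are assumptions; the claims do not define them.

```python
from dataclasses import dataclass

# Assumed ordering of clearance levels; the claims name no specific levels.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """Security label attached to a user or a document (hypothetical type)."""
    level: str
    caveats: frozenset = frozenset()


def decide(authenticated: bool, user: Label, doc: Label) -> tuple[bool, str]:
    """Return (allow, reason), evaluating the steps in the order of Claim 15."""
    if not authenticated:
        return False, "user not authenticated"
    # Fail closed when either label is outside the known ordering.
    if user.level not in LEVELS or doc.level not in LEVELS:
        return False, "unknown clearance level"
    # Clearance comparison: the user's level must dominate the document's.
    if LEVELS[user.level] < LEVELS[doc.level]:
        return False, "clearance does not dominate"
    # Caveat comparison (assumed semantics): the user must hold every
    # caveat carried by the document, whatever the user's clearance level.
    missing = doc.caveats - user.caveats
    if missing:
        return False, "missing caveats: " + ", ".join(sorted(missing))
    # Both the clearance check and the caveat check allow access.
    return True, "clearance and caveats allow access"


# Constructed sample user for demonstration.
ANALYST = Label("SECRET", frozenset({"PROJ-A"}))

if __name__ == "__main__":
    # Constructed sample documents.
    docs = [
        Label("CONFIDENTIAL"),
        Label("SECRET", frozenset({"PROJ-A", "PROJ-B"})),
        Label("TOP SECRET"),
    ]
    for doc in docs:
        print(doc.level, sorted(doc.caveats), decide(True, ANALYST, doc))
```
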

16. The method of layered defense-in-depth knowledge-based
management as in Claim 15, further comprising multiple authentication of a user prior
to comparing the clearance level of the requested document with the clearance level
of the authenticated user.

17. A method of accessing an electronic support library for layered
defense-in-depth knowledge-based management, comprising: 

authenticating in a reception zone a user in response to a request for data;

document manipulation and administration in an operations zone of a request
by an authenticated user; and

issuing authorization certificates in a security zone for users to allow access to
data managed in the operations zone.

18. The method of accessing an electronic support library as in Claim 17,
wherein authenticating a user in the reception zone comprises authenticating the user
to a public key infrastructure.

19. The method of accessing an electronic support library as in Claim 17,
further comprising accessing data stored in the electronic support library by a
document management server.

20. The method of accessing an electronic support library as in Claim 17, 
further comprising packet filtering incoming and outgoing messages in and through 
the operations zone. 

21. The method of accessing an electronic support library as in Claim 20, 
further comprising packet filtering incoming and outgoing messages for access to 
authorization certificates issued by the security zone. 



